Store (or clear) the API bearer token obtained from POST /api/v1/auth/login
(or /auth/register, /auth/refresh). Persisted to localStorage so a
packaged client stays signed in across launches. Pass null/'' to clear,
e.g. on logout.
expiresAt (the ISO-8601 expires_at the auth endpoints return) is stored
alongside so the client can refresh proactively before it lapses
(maybeRefreshAuthToken).
When set, every request carries Authorization: Bearer <token>. This is how
a cross-origin client authenticates, since cookies are not sent to a remote
server (see setApiServer); same-origin callers can ignore it and keep
using the session cookie.
Store (or clear) the API bearer token obtained from
POST /api/v1/auth/login(or/auth/register,/auth/refresh). Persisted to localStorage so a packaged client stays signed in across launches. Passnull/'' to clear, e.g. on logout.expiresAt(the ISO-8601expires_atthe auth endpoints return) is stored alongside so the client can refresh proactively before it lapses (maybeRefreshAuthToken).When set, every request carries
Authorization: Bearer <token>. This is how a cross-origin client authenticates, since cookies are not sent to a remote server (see setApiServer); same-origin callers can ignore it and keep using the session cookie.